Research ProjectsI have always had the privilege of having many students interested in the research that I do, so several of my research projects have been carried out as a series of connected student projects. In the following, I distinguish between funded projects that have received substantial external funding and unfunded projects that have primarily been carried out by interested students.
Current Projects (funded)
BeKey ProximityThe BeKey Proximity project investigates proximity detection and situational awareness in order to develop a secure and reliable proximity unlocking services for the electronic door locks manufactured by BeKey A/S. The project is an industrial collaboration project between BeKey A/S and DTU Compute, which is supported by EU Regional Funds through the project Smart Innovation.
Identity Mapping Services:The Identity Mapping Services project examines the use of anonymous customer identifiers in the financial sector and how, where and when these identifiers can be mapped to real world identities (actual people) for regulatory and contractual requirements. We are currently investigating how a financial institution can manage accounts, according to regulation and good corporate governance, so that it is impossible for the financial institution to link the identity of private customers to the identity of "authorized persons" for corporate customers. The Identity Mapping Services project is in collaboration with Nykredit A/S and Signicat and funded by a small projects grant from Innovationsnetværket for Finans IT.
e-Identification (eID) for e-Government in Developing CountriesThe e-ID for e-Government in Developing Countries project examines the fundamental requirements for identification, authentication and identity management infrastructures that support e-Government in countries with poor IT and communication infrastructures and with populations with a high percentage of (computer) illiterates. The e-ID for e-Government in Developing Countries project is supported by a PhD Scholarship from the Libyan Government.
Current Projects (unfunded)
Secure WikiThe Secure Wiki project is an unfunded project conducted as a string of M.Sc. projects at the Technical University of Denmark. The project is developing a new proactive security mechanism for wiki systems, which restricts updates to high quality wiki-pages so that only authors who have provided equally high quality updates in the past will be allowed to update these pages.
CryptOSThe CryptOS project investigates the use of a cryptographic access control as the only access control mechanism in distributed systems. All data managed by the system are encrypted, which means that traditional authorization mechanisms are superfluous and that data can be safely given to anybody requesting it. In cryptographic access control, knowledge of keys corresponds to capabilities that allow principals to operate on data. The cryptographic access control model is client centric, which means that it will have better scalability than traditional server based access control mechanisms. Cryptographic access control is equally applicable to pervasive computing and Internet applications. I am the Principal Investigator in the CryptOS project and the proposer of cryptographic access control, which has also been explored in the Secure Deal Room project.
Past Projects (funded)
Managed Video as a ServiceThe Managed Video as a Service (MVaaS) project is an industrial collaboration project co-funded by the Danish Advanced Research Foundation (Højteknologifonden) and a number of companies including Milestone Systems A/S. The MVaaS project develops a new cloud-enabled infrastructure for searching and storing video data from camera surveillance systems. The MVaaS system, which is intended to replace Milestone Systems' existing products, investigates automatic feature extraction from video streams, efficient search structures for archived video data, context-aware access control models and mechanisms for both live and stored video data and cloud enabled storage architectures for video surveillance data. I am supervising the development of the access control model and co-supervising the work on the development of the storage architecture.
Device Comfort in Dynamic Ad-hoc NetworksThe Device Comfort in Dynamic Ad-hoc Networks project explores how the notion of "device comfort", in which devices sense the environment to establish their current context and resulting comfort level, may enhance the security of mobile users in highly dynamic networks, i.e. networks without fixed infrastructure and where the configuration changes frequently. The Device Comfort in Dynamic Ad-hoc Networks project is supported by the Joint-Training Program sponsored by Chinese Scholarship Council, which funds a visiting Ph.D. student from Xidian University in China for one year.
Secure Deal RoomThe Secure Deal Room project examined the problem of secure cloud storage in collaboration with the company Soonr. In most systems, data will be encrypted on a client, but it has to be decrypted by the cloud servers if data is to be shared with other users (so that it can be encrypted with a different key when it is transported to those users). We have developed a prototype extension to the Soonr system that implements cryptographic access control, which allows clients to share data in encrypted form, i.e. data is never decrypted in storage or transport. The Secure Deal Room project was supported by the EU regional funds through the project "Viden som Vækstmotor" (Knowledge as an Engine for Growth).
NaPILinkThe NaPILink (aka. nPOCT - networked Point Of Care Technology) project investigated a new networked architecture for medical equipment in telemedicine application. In particular, the project investigated the necessary steps in building medical equipment consisting of a sensor in the patient's home, which uses a secure connection to communicate sensor data to a medical server located at the health care provider (the GP's office, local health clinic or hospital). The project was carried out in collaboration with two Danish companies Nabto and Pallas Informatik. It was supported by a national network of excellence in innovative uses of IT called InfinIT and Medico Innovation, which is an innovation network for the medical technology industry established in the Copenhagen area.
Resilient Infrastructure and Building Security (RIBS)The RIBS-project (EU-FP7-242497) supports the design of effective and viable integrated security measures aimed at protecting infrastructures without impacting on their business dynamics. The RIBS project delivered more effective and viable security measures by supporting a design process that integrates a broader understanding of the environment (and the contextual factors such as human elements) within which these measures are meant to be implemented. The RIBS-project derived a scientific method for security system engineering design that can be challenged and improved over the years, similarly to other areas of engineering and physical sciences.
Building Intelligence Into Intelligent BuildingsThe Building Intelligence Into Intelligent Buildings (BIIIB ? pronounced B3B) project was an internally funded project at the Technical University of Denmark, which combined sensor networks and machine learning to develop a self-programming intelligent building environment that automatically adapts to the current needs of the inhabitants.
NODESThe Network On DEpendable Systems (NODES) was a NordForsk funded Nordic network of excellence in dependable systems. Part of the goal of NODES was to develop a Common Nordic Curriculum for Dependability, which is to be used when teaching dependability to students in third level institutions.
Danish Centre of Excellence in the Technology and Economy of Wireless CommunicationsFunded by the Danish Ministry of Education, the centre of excellence provides a "knowledge base" and a bridge between industry and academia in the areas of wireless technology and the economy of wireless communications systems. I was a member of the centre's scientific council.
RF-Based Positioning ServiceZ-Wave is a wireless communication protocol developed by the company Zensys A/S (now part of Sigma Designs Inc.) for control, monitoring and home automation applications. Z-Wave is very light-weight which means that it can be embedded in small and relatively cheap devices. The purpose of this project was to develop a RF-based positioning service, in order to investigate the accuracy of RF-Based positioning based on the Z-Wave protocol. As Z-Wave devices are expected to be scattered around the building, e.g., it may be used for lighting control where radio control replaces traditional wired light switches, trilateration will be based on a large number of cheap and possibly inaccurate measurements. This project examined whether a higher number of nodes participating in the triangulation may compensate the expected inaccuracy of the cheap hardware.
I was the Principal Investigator in the RF-Based Positioning Service, leading a team of two M.Sc. dissertation students. The RF-Based Positioning Service was sponsored by an equipment grant from Zensys A/S.
Danish Center for Grid ComputingGrid computing is based on the idea of joining individual computers and clusters of computers and organizing them into a single logical entity with a common interface. This interface acts as a meta-computer offering, for example, uniform access control and resource locator services to the user applications. By using these services, applications can be developed and tested on local machines and subsequently submitted to the meta-computer without modifications when a significant increase in computer resources are needed for the project.
I co-supervised one Ph.D. student working on security in the NorduGrid system and I supervised one M.Sc. student working on security based on Trust Management in open Grid infrastructures. The Danish Center for Grid Computing was sponsored by the Danish Science Research Council (SNF).
iTrustThe aim of iTrust was to provide a forum for cross-disciplinary investigation of the application of trust as a means of establishing security and confidence in the global computing infrastructure, recognizing trust as a crucial enabler for meaningful and mutually beneficial interactions. The iTrust forum brought together researchers with a keen interest of complementary aspects of trust, from both technology-oriented disciplines and the field of law, social sciences and philosophy. Hence providing the consortium participants (and the research communities associated with them) with the common background necessary for advancing toward an in-depth understanding of the fundamental issues and challenges in the area of trust management in open systems.
I was the site leader at Trinity College Dublin for iTrust and a member of the iTrust Steering Committee. iTrust (IST-2001-34910) is a thematic network on trust management in open distributed systems. iTrust was sponsored by the European Union.
SECUREThe Secure Environments for Collaboration among Ubiquitous Roaming Entities (SECURE) project addressed the problem of security in a global computing infrastructure, where entities are both autonomous and mobile and therefore have to be capable of dealing with unforeseen circumstances ranging from unexpected interactions with other entities to disconnected operation. The properties of the global computing infrastructure introduce new security challenges that are not adequately addressed by existing security models and mechanisms. SECURE proposed a security mechanism based on the human notion of trust, which determines whether the level of trust in the other party is sufficient to offset the risk of the interaction. This requires the system to manage the complete trust life-cycle and to assess the risk of the particular interaction in real-time.
I was the principal investigator for the security framework design in the SECURE project, which employed three post graduate students and a Post Doc. SECURE (IST-2001-32486) was a Future and Emerging Technologies project sponsored by the European Union.
CuchulainnSuccessful integration of existing enterprise systems and Internet applications requires a very general access control model combined with a flexible access control mechanism that allows implementation of the full spectrum of access control policies. The Cuchulainn project developed of a flexible access control mechanism, based on active software capabilities, which is capable of supporting a wide variety of different access control models. Empirical evaluation of the developed mechanism showed how the mechanism is able to supports the most common access control models. Tools and guidelines to help instantiate the different access control models on the developed mechanism were developed as part of the project.
I was the principal investigator in the Cuchulainn project, which employed one Ph.D. student. Cuchulainn was funded by Iona Technologies Plc., one of the leading suppliers of CORBA technology.
KaffemikThe availability of high bandwidth and low latency data communications has particular implications on the way we design and implement distributed operating systems, especially with respect to global management of resources. The purpose of this project was to explore these implications in the context of global management of main memory. The Kaffemik project developed two prototypes of a distributed operating systems that supported the Java programming language. The first prototype added global resource management facilities to a traditional distributed operating system design (this prototype was called the kernel extension prototype,) while the second prototype integrated global resource management from the early design stages of a new operating system (this prototype was called the integrated kernel prototype.) The two prototypes were necessary to directly evaluate the impact of different design choices on the overall architecture.
I was the Principal Investigator in the Kaffemik Project, which involved leading a team consisting of one research assistant, one Ph.D. student and two M.Sc. students. Kaffemik was funded by the Irish Higher Education Authority (HEA) under the Institute for Information Technology and Advanced Computing (IITAC) programme.
AriasThe Arias project developed a Distributed Shared Memory (DSM) system, which implemented a Single Address Space Architecture (SASA) on top of a commodity operating system (AIX 4.1). Arias was developed as a part of the SIRAC (Systèmes Informatiques Répartis pour Applications Coopératives - Distributed Systems for Cooperative Applications) project at INRIA Rhône-Alpes.
I was a Ph.D. student in the Arias project, where I designed, implemented and evaluated a new access control model in Arias based on the concept of "Hidden Software Capabilities".
GuideGuide is the name of a distributed object-oriented programming environment developed by Bull-IMAG Systèmes in Grenoble, France. I was an M.Sc. student in the Guide project, where I designed, implemented and evaluated a load distribution facility for Guide-2, a version of Guide implemented on top of the Mach 3 micro kernel.
Past Projects (unfunded)
Solar Decathlon Europe 2012 and 2014The U.S. Department of Energy Solar Decathlon is an award-winning program that challenges collegiate teams to design, build, and operate solar-powered houses that are cost-effective, energy-efficient, and attractive. The winner of the competition is the team that best blends affordability, consumer appeal, and design excellence with optimal energy production and maximum efficiency. DTU (Team Fold) is one of the 20 teams that qualified for the final of Solar Decathlon Europe in September 2012 in Madrid, Spain, where we obtained 11th place. DTU (Team Embrace) qualified again for the final in June 2014 in Versailles, France. In both competitions, I supervised the development of the intelligent home control system by students from the Department of Applied Mathematics and Computer Science, the Department of Photonics Engineering, and the Department of Electrical Engineering.
Wikipedia Recommender SystemThe Wikipedia Recommender System (WRS) was an unfunded project, carried out as a string of M.Sc. projects and special courses at the Technical University of Denmark. The WRS project developed a recommender system for the Wikipedia which allows Wikipedia readers to assess the quality of articles based on the feed-back from other Wikipedia users. Work on the WRS finished in 2012, because similar ideas were being integrated into the WikiMedia software used to host the Wikipedia.
Key WordsComputer security, access control models, policies and mechanisms, authentication and identity management, trust management in distributed systems, reputation systems, collaboration on the Internet, security in ambient intelligence, distributed systems, distributed resource scheduling, resource sharing.